【发布时间】:2013-12-03 18:50:23
【问题描述】:
我正在尝试使用 AngularJS 发帖
$http.post('http://localhost:9393/doRegister',$scope.newUser).success (data)=>
alert data
到一个 sinatra 控制器
post '/doRegister' do
data = request.body.read
return data.password
end
我对 CORS 使用了以下配置
#CORS enable
before do
headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, OPTIONS'
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Headers'] = 'accept, authorization, origin'
end
options '*' do
response.headers['Allow'] = 'HEAD,GET,PUT,DELETE,OPTIONS,POST'
# Needed for AngularJS
response.headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Cache-Control, Accept'
end
但我仍然从 chrome 收到以下错误
XMLHttpRequest cannot load http://localhost:9393/doRegister. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4567' is therefore not allowed access.
当我尝试调试应用程序时,控制台显示:
W, [2013-11-20T01:39:01.778466 #3716] WARN -- : attack prevented by Rack::Protection::HttpOrigin
127.0.0.1 - - [20/Nov/2013 01:39:01] "POST /doRegister HTTP/1.1" 403 - 0.0016
我尝试使用以下,cors_enable gem,rack/cors gem 我尝试使用以下选项禁用机架保护
use Rack::Protection::HttpOrigin, :origin_whitelist => ['*']
set :protection, :origin_whitelist => ['http://localhost:5445']
set :protection, :except => :frame_options
set :protection, :except => :json_csrf
set :protection, :except => :http_origin
我没有想法,请指教。
【问题讨论】:
-
你成功了吗?
标签: angularjs coffeescript sinatra cors rack